General

  • Target

    668294f43a1f421663bbd207c00d636e45e9c21f0210e921aaac8ef28fc22907

  • Size

    93KB

  • Sample

    221120-e3lagaba5s

  • MD5

    3aa64b084e8c16c40510402fef1daf90

  • SHA1

    4916649527a669996f66d31b1cccc4cb074351d4

  • SHA256

    668294f43a1f421663bbd207c00d636e45e9c21f0210e921aaac8ef28fc22907

  • SHA512

    7b4ad6e0b9e4cf42a758402b589d7b884cc6598433d83e18e2348e9fd3912ad78ddd103b4cf9e1e4c98e16a89d0a51e36e2b5d01dd76e16e34bb74e3e7e9320d

  • SSDEEP

    1536:B3wA+4n/6C1QC5s2DnT+HuU8zoUo7KEuk1gNvMNRNj2P0BRdq173vZ4fUKALU2W:B3L3MC5rbT+HN8MUoWCaNvMTNjLDdq1X

Malware Config

Extracted

Family

pony

C2

http://skpoydy.pw:4915/way/like.php

http://sotyksy.pw:4915/way/like.php

Targets

    • Target

      668294f43a1f421663bbd207c00d636e45e9c21f0210e921aaac8ef28fc22907

    • Size

      93KB

    • MD5

      3aa64b084e8c16c40510402fef1daf90

    • SHA1

      4916649527a669996f66d31b1cccc4cb074351d4

    • SHA256

      668294f43a1f421663bbd207c00d636e45e9c21f0210e921aaac8ef28fc22907

    • SHA512

      7b4ad6e0b9e4cf42a758402b589d7b884cc6598433d83e18e2348e9fd3912ad78ddd103b4cf9e1e4c98e16a89d0a51e36e2b5d01dd76e16e34bb74e3e7e9320d

    • SSDEEP

      1536:B3wA+4n/6C1QC5s2DnT+HuU8zoUo7KEuk1gNvMNRNj2P0BRdq173vZ4fUKALU2W:B3L3MC5rbT+HN8MUoWCaNvMTNjLDdq1X

    • Pony, Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Drops file in Drivers directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks